CORS error from Okta

java

#1

calling API https://example.oktapreview.com/api/v1/users/me but giving error


#2

You can add the URL from your client to API > Trusted Origins and it might solve this issue.


#3

I have added website url on API > Trusted Origins but same error is coming from Okta server. Is there any way to solve the current issue? I have added OKHttp lib for calling api and it does not give any such CORS issue but it gives error message along with session not valid.


#4

It sounds like you’re trying to hit our API directly, rather than using one of our SDKs. Can you explain a bit more about your use case and the application you’re developing?


#5

From back-end java side I am calling API https://example.oktapreview.com/api/v1/users/me to validate session is active or not. My use case is to know session active or not. I am not using any Okta SDK. Just normal way I am calling above API. It gives error like CORS error. I already set my domain on Okta admin pannel for CORS. But it gives me error.

Can you please tell me what is doing wrong? OR what I need to do?


#6

Can you post some code snippet here?
And also a screenshot of the exact error you’re seeing.

If you look at the “get current session” API - https://developer.okta.com/docs/api/resources/sessions#get-current-session, you will notice the following -

This operation requires a session cookie for the user. API token is not allowed for this operation.

Make sure that your session cookie is set (user is logged in) and don’t pass the API Token in your code.
If the session is invalid, a 404 Not Found response will be returned.


#7

try {

                String url = "https://example.oktapreview.com/api/v1/users/me";

                URL obj = new URL(url);
                HttpURLConnection conn = (HttpURLConnection) obj.openConnection();

                conn.setRequestProperty("Accept", "application/json");
                conn.setRequestProperty("Cookie", cookie); // set cookie
                conn.setDoOutput(true);
                conn.setRequestMethod("GET");

                OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream());
                out.close();

                int responseCode = conn.getResponseCode();
                if(responseCode==200) {
                    BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                    String line = "";
                    StringBuilder responseOutput = new StringBuilder();
                    while ((line = br.readLine()) != null) {
                        responseOutput.append(line);
                    }
                    br.close();
                    System.out.println("!!-- response=" + responseOutput.toString());
                }else{
                    System.out.println("!!-- responseCode=" + responseCode);
                }
            } catch (Exception e) {
                e.printStackTrace();
                System.out.println("!!-- error=" + e.toString());
            }

}
getting 400 response


#8

I am calling API https://example.oktapreview.com/api/v1/users/me

Just to double check, are you replacing example.oktapreview.com with your Okta organization?